Terminal Access Controller Access Control System (TACACS) Protocol

INITIAL Version of TACACS Protocol


Question

Which of the following protocols was used by the INITIAL version of the Terminal Access Controller Access Control System (TACACS) for communication between clients and servers?

Answers

Explanations


C.

The original TACACS, developed in the early ARPANet days, had very limited functionality and used the UDP transport. In the early 1990s, the protocol was extended to include additional functionality and the transport changed to TCP.

TACACS is defined in RFC 1492, and uses (either TCP or UDP) port 49 by default.

TACACS allows a client to accept a username and password and send a query to a TACACS authentication server, sometimes called a TACACS daemon or simply TACACSD.

TACACSD uses TCP and usually runs on port 49.

It would determine whether to accept or deny the authentication request and send a response back.

TACACS+ and RADIUS have generally replaced TACACS and XTACACS in more recently built or updated networks.

TACACS+ is an entirely new protocol and is not compatible with TACACS or XTACACS.

TACACS+ uses the Transmission Control Protocol (TCP) and RADIUS uses the User Datagram Protocol (UDP).

Since TCP is a connection-oriented protocol, TACACS+ does not have to implement transmission control. RADIUS, however, does have to detect and correct transmission errors like packet loss, timeout etc., since it rides on UDP, which is connectionless.

RADIUS encrypts only the users' password as it travels from the RADIUS client to RADIUS server.

All other information such as the username, authorization, accounting are transmitted in clear text.

Therefore it is vulnerable to different types of attacks.

TACACS+ encrypts all the information mentioned above and therefore does not have the vulnerabilities present in the RADIUS protocol.

RADIUS and TACACS+ are client/server protocols, which means the server portion cannot send unsolicited commands to the client portion.

The server portion can only speak when spoken to.

Diameter is a peer-based protocol that allows either end to initiate communication.

This functionality allows the Diameter server to send a message to the access server to request the user to provide another authentication credential if she is attempting to access a secure resource.

Reference(s) used for this question: http://en.wikipedia.org/wiki/TACACS and Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 239). McGraw-Hill. Kindle Edition.
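To make the contrast in the explanation above concrete (RADIUS hides only the User-Password attribute, while TACACS+ obscures the entire packet body, which the text calls encryption and RFC 8907 calls obfuscation), here is an added Python example that is not from the question's sources: it implements the RFC 2865 User-Password hiding and the RFC 8907 pseudo-pad body obfuscation and builds one sample message of each. The shared secret, username, password, Request Authenticator and session id are constructed values, and the TACACS+ START body omits the port and rem_addr fields for brevity.

```python
import hashlib
import struct

# Constructed sample values for this demonstration (not real credentials).
SECRET = b"shared-secret"
USERNAME = b"alice"
PASSWORD = b"hunter2"

def radius_hide_password(secret: bytes, authenticator: bytes, password: bytes) -> bytes:
    """RFC 2865 5.2 User-Password hiding: each 16-byte chunk is XORed with
    MD5(secret + previous block), seeded by the 16-byte Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        block = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ b for p, b in zip(padded[i:i + 16], block))
        out += prev
    return out

def radius_reveal_password(secret: bytes, authenticator: bytes, hidden: bytes) -> bytes:
    """Inverse of radius_hide_password (what the RADIUS server does); RFC 2865
    pads the password with NULs, so trailing NULs are stripped."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ b for c, b in zip(hidden[i:i + 16], block))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def radius_access_request_attrs(secret, authenticator, username, password) -> bytes:
    """Access-Request attributes (type, length, value): User-Name (1) goes in the clear, only User-Password (2) is hidden."""
    hidden = radius_hide_password(secret, authenticator, password)
    return bytes([1, 2 + len(username)]) + username + bytes([2, 2 + len(hidden)]) + hidden

def tacacs_plus_obfuscate(key: bytes, session_id: int, version: int, seq_no: int, body: bytes) -> bytes:
    """RFC 8907 4.5: the whole body is XORed with a pseudo-pad of chained
    MD5(session_id || key || version || seq_no || previous digest); XOR is its own inverse."""
    pad, prev = b"", b""
    seed = struct.pack(">I", session_id) + key + bytes([version, seq_no])
    while len(pad) < len(body):
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return bytes(b ^ p for b, p in zip(body, pad))

def tacacs_plus_authen_start(key, session_id, username, password) -> bytes:
    """Obfuscated authentication START body (RFC 8907 5.1): action LOGIN, priv_lvl 1,
    PAP, service LOGIN; the username and the password (PAP data) both live inside the body."""
    body = bytes([1, 1, 2, 1, len(username), 0, 0, len(password)]) + username + password
    return tacacs_plus_obfuscate(key, session_id, 0xC0, 1, body)
```

Checking the two outputs for the literal username shows the difference an on-path observer faces: it is present in the RADIUS attributes and absent from the TACACS+ body, while a party holding the secret recovers both.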

The Terminal Access Controller Access Control System (TACACS) is a protocol used to provide centralized authentication, authorization, and accounting (AAA) services in network infrastructure devices, such as routers, switches, and firewalls.

The original version of TACACS, known as TACACS or TACACS+ Version 1, was developed by Cisco Systems and used TCP as its underlying transport protocol for communication between clients and servers.

TCP (Transmission Control Protocol) is a connection-oriented protocol that guarantees the reliable and ordered delivery of data packets between endpoints. TACACS+ Version 1 used TCP to establish a session between the client and the server, exchange messages and data, and terminate the session when the communication was completed.

SSL (Secure Sockets Layer) is a cryptographic protocol used to secure the communication between web browsers and servers, by encrypting the data and providing authentication and integrity checks. SSL is not used by TACACS+ Version 1, as it was designed before SSL was introduced.

UDP (User Datagram Protocol) is a connectionless protocol that provides a lightweight and fast way to transmit data between endpoints, but does not guarantee reliability or ordering of the packets. UDP is not used by TACACS+ Version 1, as it requires a reliable transport mechanism for the AAA services.

SSH (Secure Shell) is a network protocol used to provide secure remote access to a command-line interface in network devices and servers, by encrypting the session and providing authentication and integrity checks. SSH is not used by TACACS+ Version 1, as it is a different protocol with a different purpose.

In summary, the correct answer is A. TCP, as it was used by the INITIAL version of TACACS for communication between clients and servers.